Data analytics and the battle to stop insider threats

Insider threats are a big problem for government, but can be thwarted with analytics. Flickr image by Mike MacKenzie

Bloomberg Government reported in the 2017 fiscal year that federal agencies could commit more than $1 billion to countermeasures for insider threats. Whether or not that number turned out to be accurate, it highlights the priority that the federal government is placing on protecting its information and data from being infiltrated…from the inside.

Insider threats remain one of the biggest issues for government information security. These threats come not only from employees who use or sell their access to information for personal gain, but also from staff who mismanage data in ways that put it at risk.

Analytics to thwart insider threats

Insider threats present a multi-tiered problem for agencies without a clear answer. Like most large governmental problems, removing, or even greatly reducing, insider threats will take a range of solutions, tools and policies across many levels of government.

Analytics can be one of those solutions, reducing insider threats through a number of techniques, including:

Anomaly detection. This uncovers abnormal patterns in user behavior. Agencies can gain an understanding of what constitutes normal behavior, and identify instances when a user’s activity strays too far from that baseline.

Rules-based filtering. Unlike traditional rules-based approaches that can suffer from rampant false positives, an analytics-based method weighs the pertinence of possible anomalies. Instead of sending an alert every time something seems off, the system can decide its value, adding business context to prioritize potential risks.

Predictive models. As its name suggests, predictive modeling looks at past data to find trends for the future. This is not just identifying past patterns, but using information about past behavior and applying it to new information to make assessments.

Network analysis. Network analytics detects patterns and connections that indicate potential new threats or collusive behavior. The system can notify analysts as soon as a new threat occurs, allowing investigators to focus their attention on the most serious issues.

These analytics tools can provide government officials with information and visibility into nefarious activity. This information can be used to guide decisions, support policy changes, and empower analysts to get to the heart of insider threat activity.
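
The anomaly detection and rules-based filtering techniques listed above can be combined as in the following added example, which is not from the original article or from any SAS product: each user's activity is compared with that user's own baseline, and the deviation is weighted by business context so alerts are ranked rather than raised for every outlier. The user names, counts, sensitivity weights and threshold are all constructed assumptions.

```python
from statistics import mean, stdev

# Constructed baseline: files accessed per day by each user over one week.
BASELINE = {
    "alice": [20, 22, 19, 25, 21, 23, 20],
    "bob": [5, 7, 6, 5, 8, 6, 7],
    "carol": [40, 38, 45, 41, 39, 42, 44],
}
# Constructed business context: how sensitive each system is (0 to 1).
SENSITIVITY = {"public_wiki": 0.2, "hr_records": 1.0, "finance_db": 0.8}
# Constructed observations for today: (user, system, files accessed).
TODAY = [
    ("alice", "public_wiki", 60),
    ("bob", "hr_records", 20),
    ("carol", "finance_db", 43),
    ("dave", "hr_records", 3),  # new account, no baseline yet
]
Z_THRESHOLD = 3.0  # assumed cut-off for "strays too far from the baseline"


def z_score(history, value):
    """Standard deviations between value and the user's own baseline."""
    sigma = stdev(history)
    if sigma == 0:  # perfectly flat history: any change is an outlier
        return 0.0 if value == history[0] else float("inf")
    return (value - mean(history)) / sigma


def rank_alerts(baseline, today, sensitivity, threshold=Z_THRESHOLD):
    """Return (alerts sorted by risk, users that could not be scored)."""
    alerts, unscored = [], []
    for user, system, count in today:
        history = baseline.get(user, [])
        if len(history) < 2:
            unscored.append(user)  # surface, do not silently drop
            continue
        z = z_score(history, count)
        if z < threshold:
            continue  # within normal behaviour for this user
        # Weight the anomaly by context; unknown systems get a middle weight.
        risk = z * sensitivity.get(system, 0.5)
        alerts.append((user, system, round(z, 1), round(risk, 1)))
    return sorted(alerts, key=lambda a: a[3], reverse=True), unscored


if __name__ == "__main__":
    ranked, unscored = rank_alerts(BASELINE, TODAY, SENSITIVITY)
    for alert in ranked:
        print(alert)
    print("no baseline:", unscored)
```

On this constructed data, alice deviates further from her baseline than bob does, but bob ranks first because his activity touches the more sensitive system.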

Using Data for Good

The role of analytics in government was a key talking point at the recent SAS Federal Open House, not only in relation to how analytics can help reduce insider threats, but also in how using analytics for this task fits into the greater movement to use government data for good.

Analytics have traditionally been seen as a way to save money and improve operations, but they can provide valuable insights into almost every aspect of government work. Insider threats are a perfect example. By using analytics to reduce insider threats, federal agencies can spend less money recovering from large cybersecurity breaches.

While it is difficult to find exact numbers, it is believed that the breach at the Office of Personnel Management will cost the government more than $1 billion. Breaches are expensive, not only to try to make the victims whole, but to repair obviously broken systems. Data analytics can provide a valuable tool in helping discover and mitigate insider threats, and their costly consequences.

About Author

As a Solution Specialist within the Security Intelligence Global Practice, Jen is focused on providing subject matter expertise and assistance to Government teams addressing various security risks such as Cyber Security, Insider Threat, Targeting/Lead Generation, and other Intelligence-specific applications of the SAS Security Intelligence Foundation. Having served as an all-source intelligence analyst in the United States Army, and having since worked closely with numerous law enforcement, defense, and intelligence organizations around the world, Jen has a unique and comprehensive view within these areas and how their tradecraft and missions vary. Jen has worked in mission areas including counterterrorism, counterespionage, counternarcotic, peacekeeping missions, priority intelligence requirements, and the Balkans (Bosnia-Herzegovina).
Over the last 22 years, Jen has held a security clearance with numerous agencies supporting organizations such as FBI, DEA, NSA, CIA, NCTC, State Department, Department of Energy, and also State and Local Law Enforcement. Jen also has in-depth knowledge (through previous employment) of technology and information companies such as i2, Dun & Bradstreet, ChoicePoint and Thomson Reuters.